Re: [Acme] Want client-defined callback port
Richard Barnes <rlb@ipv.sx> Thu, 23 April 2015 13:18 UTC
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/CRSbzXOU7TKCOdrUsZ-myoibgcw>
Cc: "Salz, Rich" <rsalz@akamai.com>, Peter Eckersley <pde@eff.org>, Bruce Gaya <gaya@apple.com>, "acme@ietf.org" <acme@ietf.org>, Nico Williams <nico@cryptonector.com>

On Thu, Apr 23, 2015 at 12:09 AM, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 22 April 2015 at 19:33, Peter Eckersley <pde@eff.org> wrote:
> > Perhaps those policies can be stored out of band, or perhaps we can add
> > a separate REST API endpoint where clients ask what ports the server
> > considers acceptable for DV Challenges.
>
> Or just pick port 100 (or another that isn't already taken) and say
> 443 or _that_. I can't imagine you would need to have many numbers
> before you found one that was free.

This seems like a simpler and safer option to me. Register an ACME port and use that if HTTPS isn't feasible.

Bruce, would that meet your use case? That is, in your scenario, can the CalDAV service open a new (privileged) port, or does the ACME verification have to happen on the CalDAV port?